TechSpot

Malware causing random ie popups, search redirects, sound files playing, etc..

Solved
By klwcr063085
Nov 10, 2011
  1. The issue just started yesterday with the System Restore virus. Removed this virus, restored all my icons and unhid my files. Then began receiving search redirects, random iexplorer popups and random soundfiles playing in background. Computer is running much slower. Tried other sites' recommendations of running TDSSKiller, which I could not get to work even in Safe Mode. That being said, here are the logs which you require be posted:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8129

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    11/10/2011 1:54:10 PM
    mbam-log-2011-11-10 (13-54-10).txt

    Scan type: Quick scan
    Objects scanned: 182496
    Time elapsed: 8 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER ran, but stated that there were no modifications, and the log I saved showed no information.

    I have attempted running DDS, but every time I do, it gets the majority of the way through, then my computer freezes and I have to shut it down manually.

    I apologize for not having all the data you need, but am not sure what to do, I have never had such a hard time fixing virus issues as I am now. Please help however you can, it is most appreciated!
     
  2. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    Update

    As an update to whoever is kind enough to help me out, I keep getting a window popping up saying that windows explorer has experienced an error and must close. I am at a loss as to what to do... While typing this a run program menu popped up asking me if I wanted to run a program I had nothing to do with.
     
  3. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    These random sound files

    These things are driving me nuts! A sound file is now playing, starting out about some tv ad application? I know you guys stay busy and will get to me when you can, just trying to give you as much info as I can about what is going on with my computer.
     
  4. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    Mevio

    I found that all the soundfiles, although not popping up on my screen, were coming from a site called MEVIO. No clue what it is, but that is where it's been popping up from.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  6. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    Thank you!

    I am so glad to have your help!

    But I must apologize again, for some reason aswMBR won't run... I even tried running it as administrator since I know how Vista is, I clicked allow when it popped up asking for it, and nothing else happened after that...
     
  7. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  8. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`40100000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: 08c6d97449fb1d8bcab9d003ed787166

    Size     Device Name           MBR Status
    --------------------------------------------
    298 GB   \\.\PhysicalDrive0    Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
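
The Bootkit Remover log above flags "Unknown boot code" and suggests dumping the master boot sector for manual inspection. As an added example (not from the thread, and not the code of Bootkit Remover or aswMBR), this is one way to triage such a dump offline; it assumes a raw 512-byte dump, and the sample sectors and the known-good hash set are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the bootstrap code
DISK_SIG_OFF = 440       # 4-byte disk signature used by Windows
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must hold 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR dump into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        off = PART_TABLE_OFF + 16 * index
        status, ptype = sector[off], sector[off + 4]
        lba_start, sector_count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({"index": index, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sector_count})
    return {
        # Hash of the boot code only, so it stays stable when the partition
        # table changes. It is NOT expected to equal the "Boot sector MD5"
        # a tool prints, since that tool may hash a different byte range.
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
    }


def triage(sector: bytes, known_good_md5: set) -> list:
    """Return a list of findings; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_md5"] not in known_good_md5:
        findings.append("boot code MD5 not in known-good set")
    for part in info["partitions"]:
        if part["status"] not in (0x00, 0x80):
            findings.append(f"partition {part['index']}: invalid status byte")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    return findings


def build_sample(boot_code: bytes) -> bytes:
    """Constructed test sector: one active NTFS partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        2048, 625000000)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


# Constructed placeholder bytes, not real loader code.
CLEAN = build_sample(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")
TAMPERED = build_sample(b"\xeb\x5e\x90\x90\xbc\x00\x7c")
# Assumption: the analyst keeps a baseline of boot-code hashes taken from
# trusted installs; here it is seeded from the constructed clean sample.
KNOWN_GOOD = {parse_mbr(CLEAN)["boot_code_md5"]}

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, triage(sector, KNOWN_GOOD) or "no findings")
```
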
     
  9. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    Once again I'm sorry, but same as when I wrote my original post, TDSSKiller will not run, even in safe mode. I've tried multiple times and it will pop up with the window asking whether or not to continue, I click continue, and nothing happens after that...
     
  11. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
     
  12. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    I attempted all the above methods, and although I got ComboFix to run, it would get into the scanning for infected files phase, and never leave it. I let it run all night last night after trying them both in safe mode, and when I woke up this morning the comp was frozen. I did get the RKill log, and I have a Hijackthis log as well.

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 11/11/2011 at 7:24:17.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:



    Rkill completed on 11/11/2011 at 7:25:30.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:22:50 PM, on 11/10/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Frontier\Frontier Security Services\rps.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Frontier\Servicepoint\FrontierServicepointComHandler.exe
    C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSMonitor.exe
    C:\Program Files\Frontier\Servicepoint\FrontierServicepoint.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Kyle\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.net/google/index.php?q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/?cid=NET_mmhpset
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Powered by Charter Communications
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    R3 - URLSearchHook: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-3796973002-2924953103-1194441024-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
    O4 - Startup: CurseClientStartup.ccip
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - (no file) (HKCU)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: Frontier Security Services (Radialpoint Security Services) - Frontier - C:\Program Files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe
    O23 - Service: RadialpointIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
    O23 - Service: Frontier Security Services Firewall (RP_FWS) - Frontier - C:\Program Files\Frontier\Frontier Security Services\Fws.exe
    O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Frontier\Servicepoint\ServicepointService.exe
    O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

    --
    End of file - 7121 bytes

    Don't know if Hijackthis will help at all...
     
  13. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    I finally got TDSSKiller to work!

    Here is the log from TDSSKiller, now that I was able to get it to run:

    09:34:22.0971 5580 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
    09:34:23.0545 5580 ============================================================
    09:34:23.0545 5580 Current date / time: 2011/11/11 09:34:23.0545
    09:34:23.0545 5580 SystemInfo:
    09:34:23.0545 5580
    09:34:23.0545 5580 OS Version: 6.0.6002 ServicePack: 2.0
    09:34:23.0545 5580 Product type: Workstation
    09:34:23.0545 5580 ComputerName: KYLE-PC
    09:34:23.0546 5580 UserName: Kyle
    09:34:23.0546 5580 Windows directory: C:\Windows
    09:34:23.0546 5580 System windows directory: C:\Windows
    09:34:23.0546 5580 Processor architecture: Intel x86
    09:34:23.0546 5580 Number of processors: 2
    09:34:23.0546 5580 Page size: 0x1000
    09:34:23.0546 5580 Boot type: Normal boot
    09:34:23.0546 5580 ============================================================
    09:34:25.0412 5580 Initialize success
    09:34:27.0693 6088 ============================================================
    09:34:27.0693 6088 Scan started
    09:34:27.0693 6088 Mode: Manual;
    09:34:27.0693 6088 ============================================================
    09:34:37.0082 6088 LSI_SCSI - ok
    09:34:37.0110 6088 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    09:34:37.0113 6088 luafv - ok
    09:34:37.0151 6088 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
    09:34:37.0154 6088 MBAMProtector - ok
    09:34:37.0179 6088 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    09:34:37.0181 6088 megasas - ok
    09:34:37.0210 6088 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    09:34:37.0218 6088 MegaSR - ok
    09:34:37.0254 6088 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    09:34:37.0256 6088 Modem - ok
    09:34:37.0292 6088 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    09:34:37.0295 6088 monitor - ok
    09:34:37.0319 6088 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    09:34:37.0322 6088 mouclass - ok
    09:34:37.0338 6088 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    09:34:37.0340 6088 mouhid - ok
    09:34:37.0362 6088 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    09:34:37.0365 6088 MountMgr - ok
    09:34:37.0386 6088 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    09:34:37.0390 6088 mpio - ok
    09:34:37.0421 6088 MpKsla22ad28f - ok
    09:34:37.0454 6088 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    09:34:37.0458 6088 mpsdrv - ok
    09:34:37.0502 6088 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    09:34:37.0504 6088 Mraid35x - ok
    09:34:37.0551 6088 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    09:34:37.0555 6088 MRxDAV - ok
    09:34:37.0594 6088 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    09:34:37.0598 6088 mrxsmb - ok
    09:34:37.0674 6088 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    09:34:37.0679 6088 mrxsmb10 - ok
    09:34:37.0757 6088 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    09:34:37.0760 6088 mrxsmb20 - ok
    09:34:37.0802 6088 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    09:34:37.0805 6088 msahci - ok
    09:34:37.0845 6088 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    09:34:37.0849 6088 msdsm - ok
    09:34:37.0900 6088 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    09:34:37.0904 6088 Msfs - ok
    09:34:37.0931 6088 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    09:34:37.0932 6088 msisadrv - ok
    09:34:38.0181 6088 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    09:34:38.0184 6088 MSKSSRV - ok
    09:34:38.0218 6088 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    09:34:38.0220 6088 MSPCLOCK - ok
    09:34:38.0255 6088 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    09:34:38.0257 6088 MSPQM - ok
    09:34:38.0302 6088 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    09:34:38.0307 6088 MsRPC - ok
    09:34:38.0345 6088 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    09:34:38.0349 6088 mssmbios - ok
    09:34:38.0377 6088 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    09:34:38.0381 6088 MSTEE - ok
    09:34:38.0420 6088 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    09:34:38.0422 6088 Mup - ok
    09:34:38.0463 6088 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    09:34:38.0471 6088 NativeWifiP - ok
    09:34:38.0524 6088 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    09:34:38.0541 6088 NDIS - ok
    09:34:38.0665 6088 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    09:34:38.0667 6088 NdisTapi - ok
    09:34:38.0694 6088 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    09:34:38.0696 6088 Ndisuio - ok
    09:34:38.0746 6088 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    09:34:38.0750 6088 NdisWan - ok
    09:34:38.0780 6088 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    09:34:38.0784 6088 NDProxy - ok
    09:34:38.0861 6088 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    09:34:38.0863 6088 NetBIOS - ok
    09:34:38.0899 6088 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    09:34:38.0904 6088 netbt - ok
    09:34:38.0948 6088 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    09:34:38.0951 6088 nfrd960 - ok
    09:34:38.0997 6088 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    09:34:38.0999 6088 Npfs - ok
    09:34:39.0082 6088 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    09:34:39.0085 6088 nsiproxy - ok
    09:34:39.0138 6088 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    09:34:39.0165 6088 Ntfs - ok
    09:34:39.0205 6088 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    09:34:39.0207 6088 ntrigdigi - ok
    09:34:39.0240 6088 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    09:34:39.0242 6088 Null - ok
    09:34:39.0500 6088 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    09:34:39.0605 6088 nvlddmkm - ok
    09:34:39.0754 6088 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    09:34:39.0757 6088 nvraid - ok
    09:34:39.0801 6088 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    09:34:39.0803 6088 nvstor - ok
    09:34:39.0850 6088 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
    09:34:39.0852 6088 nvstor32 - ok
    09:34:39.0885 6088 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    09:34:39.0889 6088 nv_agp - ok
    09:34:39.0914 6088 NwlnkFlt - ok
    09:34:39.0937 6088 NwlnkFwd - ok
    09:34:39.0976 6088 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    09:34:39.0979 6088 ohci1394 - ok
    09:34:40.0042 6088 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    09:34:40.0047 6088 Parport - ok
    09:34:40.0169 6088 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    09:34:40.0171 6088 partmgr - ok
    09:34:40.0208 6088 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    09:34:40.0211 6088 Parvdm - ok
    09:34:40.0267 6088 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    09:34:40.0271 6088 pci - ok
    09:34:40.0305 6088 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    09:34:40.0307 6088 pciide - ok
    09:34:40.0351 6088 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    09:34:40.0355 6088 pcmcia - ok
    09:34:40.0416 6088 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    09:34:40.0439 6088 PEAUTH - ok
    09:34:40.0559 6088 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    09:34:40.0561 6088 PptpMiniport - ok
    09:34:40.0605 6088 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    09:34:40.0672 6088 Processor - ok
    09:34:40.0759 6088 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Frontier\Frontier Security Services\BitDefender\profos.sys
    09:34:40.0762 6088 Profos - ok
    09:34:40.0856 6088 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    09:34:40.0860 6088 PSched - ok
    09:34:40.0919 6088 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    09:34:40.0944 6088 ql2300 - ok
    09:34:40.0990 6088 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    09:34:40.0994 6088 ql40xx - ok
    09:34:41.0084 6088 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    09:34:41.0087 6088 QWAVEdrv - ok
    09:34:41.0191 6088 RadialpointIDSDriver (bdbed9fc165faf04be644ec212ba4603) C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys
    09:34:41.0195 6088 RadialpointIDSDriver - ok
    09:34:41.0255 6088 RadialpointIDSEH - ok
    09:34:41.0364 6088 RadialpointIDSFilter (a6c0c7d9da55e5c3dd9c62b11916586b) C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys
    09:34:41.0366 6088 RadialpointIDSFilter - ok
    09:34:41.0475 6088 RadialpointIDSShim (a79eeb6feace017928581ef13d573745) C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys
    09:34:41.0476 6088 RadialpointIDSShim - ok
    09:34:41.0558 6088 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    09:34:41.0561 6088 RasAcd - ok
    09:34:41.0600 6088 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    09:34:41.0604 6088 Rasl2tp - ok
    09:34:41.0715 6088 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    09:34:41.0719 6088 RasPppoe - ok
    09:34:41.0762 6088 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    09:34:41.0766 6088 RasSstp - ok
    09:34:41.0808 6088 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    09:34:41.0813 6088 rdbss - ok
    09:34:41.0863 6088 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    09:34:41.0866 6088 RDPCDD - ok
    09:34:41.0914 6088 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    09:34:41.0921 6088 rdpdr - ok
    09:34:41.0954 6088 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    09:34:41.0956 6088 RDPENCDD - ok
    09:34:42.0004 6088 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    09:34:42.0009 6088 RDPWD - ok
    09:34:42.0092 6088 RPPKT (b7e136986bb3dac249a00e760281f0a9) C:\Windows\system32\DRIVERS\rp_pkt32.sys
    09:34:42.0093 6088 RPPKT - ok
    09:34:42.0137 6088 RPSKT (750d83c39d60964b6bc2b8a75ed7a165) C:\Windows\system32\DRIVERS\rp_skt32.sys
    09:34:42.0138 6088 RPSKT - ok
    09:34:42.0183 6088 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    09:34:42.0187 6088 rspndr - ok
    09:34:42.0227 6088 RTL8169 (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
    09:34:42.0231 6088 RTL8169 - ok
    09:34:42.0270 6088 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    09:34:42.0274 6088 sbp2port - ok
    09:34:42.0324 6088 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    09:34:42.0326 6088 secdrv - ok
    09:34:42.0375 6088 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    09:34:42.0377 6088 Serenum - ok
    09:34:42.0415 6088 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    09:34:42.0420 6088 Serial - ok
    09:34:42.0454 6088 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    09:34:42.0456 6088 sermouse - ok
    09:34:42.0525 6088 sfdrv01 (b7018644e132a8dfb12ed90106e06739) C:\Windows\system32\drivers\sfdrv01.sys
    09:34:42.0528 6088 sfdrv01 - ok
    09:34:42.0559 6088 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    09:34:42.0562 6088 sffdisk - ok
    09:34:42.0596 6088 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    09:34:42.0598 6088 sffp_mmc - ok
    09:34:42.0627 6088 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    09:34:42.0635 6088 sffp_sd - ok
    09:34:42.0713 6088 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
    09:34:42.0716 6088 sfhlp02 - ok
    09:34:42.0759 6088 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    09:34:42.0761 6088 sfloppy - ok
    09:34:42.0796 6088 sfsync02 (6dc03269f4c71e4ab313c3597f42a340) C:\Windows\system32\drivers\sfsync02.sys
    09:34:42.0799 6088 sfsync02 - ok
    09:34:42.0833 6088 sfvfs02 (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys
    09:34:42.0837 6088 sfvfs02 - ok
    09:34:42.0902 6088 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    09:34:42.0904 6088 sisagp - ok
    09:34:42.0998 6088 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    09:34:43.0001 6088 SiSRaid2 - ok
    09:34:43.0054 6088 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    09:34:43.0059 6088 SiSRaid4 - ok
    09:34:43.0166 6088 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    09:34:43.0170 6088 Smb - ok
    09:34:43.0223 6088 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    09:34:43.0226 6088 spldr - ok
    09:34:43.0278 6088 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    09:34:43.0285 6088 srv - ok
    09:34:43.0326 6088 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    09:34:43.0330 6088 srv2 - ok
    09:34:43.0363 6088 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    09:34:43.0366 6088 srvnet - ok
    09:34:43.0413 6088 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
    09:34:43.0415 6088 sscdbus - ok
    09:34:43.0459 6088 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
    09:34:43.0464 6088 sscdserd - ok
    09:34:43.0604 6088 StarOpen - ok
    09:34:43.0724 6088 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    09:34:43.0726 6088 swenum - ok
    09:34:43.0771 6088 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    09:34:43.0775 6088 Symc8xx - ok
    09:34:43.0798 6088 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    09:34:43.0802 6088 Sym_hi - ok
    09:34:43.0822 6088 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    09:34:43.0825 6088 Sym_u3 - ok
    09:34:43.0854 6088 szkg5 - ok
    09:34:43.0869 6088 szkgfs - ok
    09:34:43.0962 6088 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
    09:34:43.0987 6088 Tcpip - ok
    09:34:44.0104 6088 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
    09:34:44.0111 6088 Tcpip6 - ok
    09:34:44.0154 6088 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
    09:34:44.0156 6088 tcpipreg - ok
    09:34:44.0187 6088 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    09:34:44.0189 6088 TDPIPE - ok
    09:34:44.0214 6088 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    09:34:44.0217 6088 TDTCP - ok
    09:34:44.0250 6088 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    09:34:44.0254 6088 tdx - ok
    09:34:44.0290 6088 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    09:34:44.0293 6088 TermDD - ok
    09:34:44.0396 6088 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Frontier\Frontier Security Services\BitDefender\trufos.sys
    09:34:44.0399 6088 Trufos - ok
    09:34:44.0482 6088 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    09:34:44.0485 6088 tssecsrv - ok
    09:34:44.0545 6088 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    09:34:44.0549 6088 tunmp - ok
    09:34:44.0574 6088 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    09:34:44.0577 6088 tunnel - ok
    09:34:44.0619 6088 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    09:34:44.0695 6088 uagp35 - ok
    09:34:44.0732 6088 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    09:34:44.0738 6088 udfs - ok
    09:34:44.0781 6088 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    09:34:44.0784 6088 uliagpkx - ok
    09:34:44.0812 6088 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    09:34:44.0818 6088 uliahci - ok
    09:34:44.0843 6088 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    09:34:44.0848 6088 UlSata - ok
    09:34:44.0874 6088 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    09:34:44.0877 6088 ulsata2 - ok
    09:34:44.0900 6088 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    09:34:44.0904 6088 umbus - ok
    09:34:44.0942 6088 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    09:34:44.0945 6088 USBAAPL - ok
    09:34:44.0978 6088 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    09:34:44.0981 6088 usbccgp - ok
    09:34:45.0013 6088 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    09:34:45.0016 6088 usbcir - ok
    09:34:45.0061 6088 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    09:34:45.0063 6088 usbehci - ok
    09:34:45.0084 6088 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    09:34:45.0089 6088 usbhub - ok
    09:34:45.0124 6088 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    09:34:45.0126 6088 usbohci - ok
    09:34:45.0161 6088 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    09:34:45.0164 6088 usbprint - ok
    09:34:45.0187 6088 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    09:34:45.0190 6088 usbscan - ok
    09:34:45.0211 6088 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    09:34:45.0213 6088 USBSTOR - ok
    09:34:45.0248 6088 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    09:34:45.0251 6088 usbuhci - ok
    09:34:45.0283 6088 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
    09:34:45.0289 6088 VClone - ok
    09:34:45.0329 6088 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    09:34:45.0331 6088 vga - ok
    09:34:45.0361 6088 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    09:34:45.0364 6088 VgaSave - ok
    09:34:45.0388 6088 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    09:34:45.0390 6088 viaagp - ok
    09:34:45.0414 6088 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    09:34:45.0416 6088 ViaC7 - ok
    09:34:45.0445 6088 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    09:34:45.0447 6088 viaide - ok
    09:34:45.0481 6088 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    09:34:45.0484 6088 volmgr - ok
    09:34:45.0519 6088 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    09:34:45.0528 6088 volmgrx - ok
    09:34:45.0575 6088 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    09:34:45.0578 6088 volsnap - ok
    09:34:45.0617 6088 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    09:34:45.0693 6088 vsmraid - ok
    09:34:45.0781 6088 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    09:34:45.0785 6088 WacomPen - ok
    09:34:45.0810 6088 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    09:34:45.0812 6088 Wanarp - ok
    09:34:45.0820 6088 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    09:34:45.0822 6088 Wanarpv6 - ok
    09:34:45.0859 6088 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    09:34:45.0861 6088 Wd - ok
    09:34:45.0892 6088 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    09:34:45.0900 6088 Wdf01000 - ok
    09:34:46.0034 6088 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    09:34:46.0039 6088 WmiAcpi - ok
    09:34:46.0096 6088 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    09:34:46.0099 6088 WpdUsb - ok
    09:34:46.0135 6088 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    09:34:46.0138 6088 ws2ifsl - ok
    09:34:46.0204 6088 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    09:34:46.0207 6088 WUDFRd - ok
    09:34:46.0244 6088 MBR (0x1B8) (ef932eaa6ef4c94e66a7f6ceec7eb422) \Device\Harddisk0\DR0
    09:34:46.0277 6088 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
    09:34:46.0277 6088 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
    09:34:46.0741 6088 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk7\DR7
    09:34:46.0747 6088 \Device\Harddisk7\DR7 - ok
    09:34:46.0788 6088 Boot (0x1200) (0f42a57ca89010094954bb1436aaf77b) \Device\Harddisk0\DR0\Partition0
    09:34:46.0790 6088 \Device\Harddisk0\DR0\Partition0 - ok
    09:34:46.0796 6088 Boot (0x1200) (0fe62a851327db71741672e9f4eac1d5) \Device\Harddisk7\DR7\Partition0
    09:34:46.0820 6088 \Device\Harddisk7\DR7\Partition0 - ok
    09:34:46.0820 6088 ============================================================
    09:34:46.0820 6088 Scan finished
    09:34:46.0820 6088 ============================================================
    09:34:46.0840 0936 Detected object count: 1
    09:34:46.0840 0936 Actual detected object count: 1
    09:34:53.0144 0936 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
    09:34:53.0144 0936 \Device\Harddisk0\DR0 - ok
    09:34:53.0145 0936 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
    09:35:07.0006 3332 Deinitialize success
     
  14. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    Which then allowed aswMBR to work!

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-11 10:12:46
    -----------------------------
    10:12:46.581 OS Version: Windows 6.0.6002 Service Pack 2
    10:12:46.581 Number of processors: 2 586 0x1706
    10:12:46.583 ComputerName: KYLE-PC UserName: Kyle
    10:12:48.483 Initialize success
    10:15:36.003 AVAST engine defs: 11111100
    10:15:40.208 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
    10:15:40.210 Disk 0 Vendor: ST332081 SD23 Size: 305245MB BusType: 6
    10:15:42.238 Disk 0 MBR read successfully
    10:15:42.240 Disk 0 MBR scan
    10:15:42.244 Disk 0 unknown MBR code
    10:15:42.255 Disk 0 scanning sectors +625140400
    10:15:42.418 Disk 0 scanning C:\Windows\system32\drivers
    10:15:54.013 Service scanning
    10:15:55.717 Modules scanning
    10:16:02.002 Disk 0 trace - called modules:
    10:16:02.034 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys rassstp.sys
    10:16:02.036 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87905ac8]
    10:16:02.039 3 CLASSPNP.SYS[8afde8b3] -> nt!IofCallDriver -> [0x86781ae0]
    10:16:02.046 5 acpi.sys[806956bc] -> nt!IofCallDriver -> \Device\00000061[0x86781710]
    10:16:03.193 AVAST engine scan C:\Windows
    10:16:06.910 AVAST engine scan C:\Windows\system32
    10:18:57.656 AVAST engine scan C:\Windows\system32\drivers
    10:19:23.757 AVAST engine scan C:\Users\Kyle
    10:22:53.252 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
    10:22:53.259 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"

    I am going to give DDS another try since the others have been running now.
     
  15. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
    Run by Kyle at 10:26:29 on 2011-11-11
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1564 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Frontier\Frontier Security Services\Fws.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Frontier\Servicepoint\ServicepointService.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Frontier\Servicepoint\FrontierServicepoint.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\REGSVR32.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.comcast.net/?cid=NET_mmhpset
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\kyle\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{776B2AAC-54DD-4B4A-9919-42C18115253D} : DhcpNameServer = 192.168.1.1 192.168.1.1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-4-29 24576]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-9 366152]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-9 2253120]
    R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\frontier\frontier security services\avg\identity protection\agent\bin\AVGIDSAgent.exe [2011-6-27 5832712]
    R2 ServicepointService;ServicepointService;c:\program files\frontier\servicepoint\ServicepointService.exe [2011-6-27 689464]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-9 22216]
    R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\frontier\frontier security services\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2011-6-27 122376]
    R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\frontier\frontier security services\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2011-6-27 30216]
    R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\frontier\frontier security services\avg\identity protection\agent\drivers\AVGIDSShim.sys [2011-6-27 27800]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Radialpoint Security Services;Frontier Security Services;c:\program files\frontier\frontier security services\RpsSecurityAwareR.exe [2010-12-18 167016]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-11-11 15:12:34 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-11-11 15:12:26 -------- d-----w- c:\users\kyle\appdata\local\temp
    2011-11-11 14:46:05 -------- d-----w- C:\kylel
    2011-11-11 14:37:31 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39daab91-ae67-4dee-9afa-44c87f524e03}\offreg.dll
    2011-11-11 03:52:16 98816 ----a-w- c:\windows\sed.exe
    2011-11-11 03:52:16 518144 ----a-w- c:\windows\SWREG.exe
    2011-11-11 03:52:16 256000 ----a-w- c:\windows\PEV.exe
    2011-11-11 03:52:16 208896 ----a-w- c:\windows\MBR.exe
    2011-11-11 01:36:38 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-11-09 22:54:04 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
    2011-11-09 21:17:57 -------- d-----w- c:\program files\World of Warcraft
    2011-11-09 21:06:49 -------- d-----w- c:\programdata\STOPzilla!
    2011-11-09 20:32:13 -------- d-----w- c:\programdata\PC Tools
    2011-11-09 19:40:42 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2011-11-09 19:40:42 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2011-11-09 19:40:41 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2011-11-09 19:40:40 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2011-11-09 19:40:40 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2011-11-09 19:40:40 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2011-11-09 19:40:40 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2011-11-09 19:40:40 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2011-11-09 19:40:39 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2011-11-09 19:40:39 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2011-11-09 19:40:39 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2011-11-09 19:40:39 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2011-11-09 19:39:58 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2011-11-09 19:39:58 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2011-11-09 19:39:57 974848 ----a-w- c:\windows\system32\mfc70.dll
    2011-11-09 19:39:57 608448 ----a-w- c:\windows\system32\comctl32.ocx
    2011-11-09 19:39:57 -------- d-----w- c:\program files\AML Products
    2011-11-09 19:38:30 -------- d--h--w- c:\windows\msdownld.tmp
    2011-11-09 19:38:25 -------- d-----w- c:\windows\system32\directx
    2011-11-09 19:35:36 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-11-09 19:33:55 -------- d-----w- c:\program files\LSI SoftModem
    2011-11-09 18:51:43 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-11-09 18:49:41 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2011-11-09 18:49:41 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-11-09 18:49:40 919872 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-11-09 18:49:40 877376 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-11-09 18:49:40 5578560 ----a-w- c:\windows\system32\nvcuda.dll
    2011-11-09 18:49:40 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-11-09 18:49:40 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-11-09 18:49:40 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-11-09 18:49:40 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-11-09 18:49:40 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-11-09 14:48:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-09 09:39:13 2409784 ---ha-w- c:\program files\windows mail\OESpamFilter.dat
    2011-11-09 09:39:09 913280 ---ha-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 09:39:09 31232 ---ha-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-11-09 09:39:08 707584 ---ha-w- c:\program files\common files\system\wab32.dll
    2011-11-08 06:54:36 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39daab91-ae67-4dee-9afa-44c87f524e03}\mpengine.dll
    2011-11-05 23:40:40 -------- d-----w- c:\users\kyle\appdata\local\Conduit
    2011-10-12 22:36:31 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-12 22:36:30 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-12 22:36:30 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-12 22:36:30 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-12 22:36:28 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-12 22:35:46 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-12 22:35:45 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-12 22:35:45 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-12 22:35:45 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ==================== Find3M ====================
    .
    2011-10-15 08:53:00 6350144 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-15 08:53:00 3840320 ----a-w- c:\windows\system32\nvsvc.dll
    2011-10-15 08:53:00 2458432 ----a-w- c:\windows\system32\nvapi.dll
    2011-10-15 08:53:00 203072 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-15 08:53:00 123712 ----a-w- c:\windows\system32\nvshext.dll
    2011-10-15 08:53:00 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-10-03 17:33:47 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-31 03:05:04 83816 ---ha-w- c:\windows\system32\dns-sd.exe
    2011-08-31 03:05:04 73064 ---ha-w- c:\windows\system32\dnssd.dll
    2011-08-18 13:51:37 0 ----a-w- c:\programdata\sear.exe
    2011-08-18 13:51:37 0 ----a-w- c:\programdata\mgro.exe
    2011-08-18 13:51:37 0 ----a-w- c:\programdata\dmup.exe
    2011-08-18 13:51:37 0 ----a-w- c:\programdata\ccpd.exe
    .
    ============= FINISH: 10:26:50.00 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/29/2009 4:30:47 AM
    System Uptime: 11/11/2011 9:36:34 AM (1 hours ago)
    .
    Motherboard: eMachines | | EMCP73VT-PM
    Processor: Pentium(R) Dual-Core CPU E2210 @ 2.20GHz | CPU 1 | 2203/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 285 GiB total, 115.981 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: 6TO4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP915: 11/9/2011 1:50:35 PM - Device Driver Package Install: NVIDIA Display adapters
    RP916: 11/9/2011 2:03:57 PM - Windows Update
    RP917: 11/9/2011 2:33:01 PM - Windows Update
    RP919: 11/9/2011 2:40:08 PM - Installed DirectX
    RP920: 11/9/2011 2:48:39 PM - Windows Update
    RP921: 11/9/2011 4:04:31 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP923: 11/9/2011 4:42:52 PM - StopZILLA! Restore Point.
    RP924: 11/9/2011 5:16:20 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP925: 11/9/2011 5:20:31 PM - Removed Bing Bar
    RP926: 11/10/2011 7:30:08 AM - Restore Operation
    RP927: 11/10/2011 4:04:46 PM - Windows Update
    RP928: 11/11/2011 8:27:03 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Absolute Poker
    Acrobat.com
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9.4.6
    Agere Systems PCI-SV92PP Soft Modem
    AML Free Registry Cleaner 4.22
    Any Video Converter 3.2.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Charter Browser Updater
    Choice Guard
    Comcast Desktop Software (v1.2.0.9)
    Compatibility Pack for the 2007 Office system
    Dell Driver Download Manager
    Desktop Doctor
    Diablo II
    DivX Plus Web Player
    eMachines Recovery Management
    Frontier Security Services
    Frontier Servicepoint 3.7.44
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Officejet 6500 E710a-f Basic Device Software
    HP Officejet 6500 E710a-f Help
    HP Officejet 6500 E710a-f Product Improvement Study
    HP Update
    I.R.I.S. OCR
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Junk Mail filter update
    K-Lite Codec Pack 2.72 Full
    LSI PCI-SV92PP Soft Modem
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MSVCRT
    NVIDIA Control Panel 285.62
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA Graphics Driver 285.62
    NVIDIA Install Application
    NVIDIA Update 1.5.20
    NVIDIA Update Components
    OGA Notifier 2.0.0048.0
    PerfectDisk 10 Professional
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    RPS CRT
    RPS PerfectDiskStub
    RPS RpsCore
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Spelling Dictionaries Support For Adobe Reader 9
    StarCraft II
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.11
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/11/2011 9:38:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv Lbd RadialpointIDSEH StarOpen szkg5 szkgfs
    11/11/2011 9:36:04 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
    11/11/2011 10:08:54 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================

    Sorry for swamping you with all this at once, but I was excited when things finally started working! Thank you so much for any and all help!
     
  16. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Very good :)

    See if Combofix will run now.
     
  17. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    I had already gotten it to run after TDSSKiller, I just forgot to post the log. Here it is, and thank you!

    ComboFix 11-11-11.02 - Kyle 11/11/2011 9:48.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1899 [GMT -5:00]
    Running from: c:\users\Kyle\Desktop\kylel.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Tarma Installer
    c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
    c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
    c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
    c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
    c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
    c:\users\Kyle\AppData\Local\bjua.exe
    c:\users\Kyle\AppData\Local\guvf.exe
    c:\users\Kyle\AppData\Local\hmgy.exe
    c:\users\Kyle\AppData\Local\kohs.exe
    c:\users\Kyle\AppData\Local\ohqa.exe
    c:\users\Kyle\AppData\Local\qquy.exe
    c:\users\Kyle\AppData\Local\tsnv.exe
    c:\users\Kyle\AppData\Local\yovc.exe
    c:\users\Kyle\AppData\Roaming\Adobe\plugs
    c:\users\Kyle\AppData\Roaming\Adobe\shed
    c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
    c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
    c:\users\Kyle\Documents\R166244.zip
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-11 15:07 . 2011-11-11 15:09 -------- d-----w- c:\users\Kyle\AppData\Local\temp
    2011-11-11 15:07 . 2011-11-11 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-11 14:37 . 2011-11-11 14:37 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39DAAB91-AE67-4DEE-9AFA-44C87F524E03}\offreg.dll
    2011-11-11 01:36 . 2011-11-11 01:36 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-11-09 22:54 . 2011-11-09 22:54 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
    2011-11-09 21:17 . 2011-11-10 14:01 -------- d-----w- c:\program files\World of Warcraft
    2011-11-09 21:06 . 2011-11-09 22:18 -------- d-----w- c:\programdata\STOPzilla!
    2011-11-09 20:32 . 2011-11-09 20:54 -------- d-----w- c:\programdata\PC Tools
    2011-11-09 19:40 . 2010-06-02 09:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2011-11-09 19:40 . 2010-06-02 09:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2011-11-09 19:40 . 2010-06-02 09:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2011-11-09 19:40 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2011-11-09 19:40 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2011-11-09 19:35 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-11-09 19:33 . 2011-11-09 19:33 -------- d-----w- c:\program files\LSI SoftModem
    2011-11-09 18:52 . 2011-11-09 18:52 -------- d-----w- c:\users\UpdatusUser
    2011-11-09 18:51 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-11-09 18:49 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2011-11-09 18:49 . 2011-10-15 08:53 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-11-09 18:49 . 2011-10-15 08:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-11-09 18:49 . 2011-10-15 08:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-11-09 18:49 . 2011-10-15 08:53 5578560 ----a-w- c:\windows\system32\nvcuda.dll
    2011-11-09 18:49 . 2011-10-15 08:53 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-11-09 18:49 . 2011-10-15 08:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-11-09 18:49 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-11-09 18:49 . 2011-10-15 08:53 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-11-09 18:49 . 2011-10-15 08:53 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-11-09 14:48 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-09 09:39 . 2011-10-17 11:41 2409784 ---ha-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 09:39 . 2011-09-20 21:02 913280 ---ha-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 09:39 . 2011-09-20 13:44 31232 ---ha-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-11-09 09:39 . 2011-09-30 15:57 707584 ---ha-w- c:\program files\Common Files\System\wab32.dll
    2011-11-08 06:54 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39DAAB91-AE67-4DEE-9AFA-44C87F524E03}\mpengine.dll
    2011-11-05 23:40 . 2011-11-05 23:45 -------- d-----w- c:\users\Kyle\AppData\Local\Conduit
    2011-10-12 22:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-12 22:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-12 22:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-12 22:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-12 22:36 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-12 22:35 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-12 22:35 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-12 22:35 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-12 22:35 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-15 08:53 . 2010-07-09 20:37 6350144 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-15 08:53 . 2010-07-09 20:37 3840320 ----a-w- c:\windows\system32\nvsvc.dll
    2011-10-15 08:53 . 2010-07-09 20:37 203072 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-15 08:53 . 2010-07-09 20:37 123712 ----a-w- c:\windows\system32\nvshext.dll
    2011-10-15 08:53 . 2010-07-09 20:37 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-10-15 08:53 . 2009-04-02 06:34 2458432 ----a-w- c:\windows\system32\nvapi.dll
    2011-10-03 17:33 . 2011-10-03 17:33 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 17:20 . 2011-10-03 17:20 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-10-03 17:19 . 2011-10-03 17:19 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-10-03 17:19 . 2011-10-03 17:19 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2011-08-31 03:05 . 2011-08-31 03:05 83816 ---ha-w- c:\windows\system32\dns-sd.exe
    2011-08-31 03:05 . 2011-08-31 03:05 73064 ---ha-w- c:\windows\system32\dnssd.dll
    2011-08-28 22:39 . 2011-08-28 22:39 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-08-28 22:39 . 2011-08-28 22:39 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-08-28 22:39 . 2011-08-28 22:39 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-08-28 22:39 . 2011-08-28 22:39 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-08-28 22:39 . 2011-08-28 22:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-08-28 22:39 . 2011-08-28 22:39 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-08-28 22:39 . 2011-08-28 22:39 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-08-28 22:39 . 2011-08-28 22:39 367104 ----a-w- c:\windows\system32\html.iec
    2011-08-28 22:39 . 2011-08-28 22:39 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-28 22:39 . 2011-08-28 22:39 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-08-28 22:39 . 2011-08-28 22:39 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-08-28 22:39 . 2011-08-28 22:39 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-28 22:39 . 2011-08-28 22:39 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-08-28 22:39 . 2011-08-28 22:39 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-08-28 22:39 . 2011-08-28 22:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-08-28 22:39 . 2011-08-28 22:39 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-08-28 22:39 . 2011-08-28 22:39 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-08-28 22:39 . 2011-08-28 22:39 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-08-18 13:51 . 2011-08-18 13:51 0 ----a-w- c:\programdata\sear.exe
    2011-08-18 13:51 . 2011-08-18 13:51 0 ----a-w- c:\programdata\mgro.exe
    2011-08-18 13:51 . 2011-08-18 13:51 0 ----a-w- c:\programdata\dmup.exe
    2011-08-18 13:51 . 2011-08-18 13:51 0 ----a-w- c:\programdata\ccpd.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
    "Skytel"="Skytel.exe" [2008-07-23 1826816]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2011-11-7 0]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^Kyle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
    path=c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    backup=c:\windows\pss\CurseClientStartup.ccip.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
    2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
    2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [x]
    R0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys [x]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
    R1 MpKsla22ad28f;MpKsla22ad28f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB74DC68-B187-490C-A237-642160622152}\MpKsla22ad28f.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 Radialpoint Security Services;Frontier Security Services;c:\program files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe [2010-12-18 167016]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
    S2 ServicepointService;ServicepointService;c:\program files\Frontier\Servicepoint\ServicepointService.exe [2011-01-20 689464]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
    S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
    S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 27800]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - E824DCC9
    *NewlyCreated* - EF504A6D
    *Deregistered* - e824dcc9
    *Deregistered* - ef504a6d
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000Core.job
    - c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 20:12]
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000UA.job
    - c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 20:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/?cid=NET_mmhpset
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-11 10:09
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2011-11-11 10:12:21
    ComboFix-quarantined-files.txt 2011-11-11 15:12
    .
    Pre-Run: 124,723,134,464 bytes free
    Post-Run: 125,150,244,864 bytes free
    .
    - - End Of File - - 2776F3DCA377C90EE1BA2587F014BE91
     
  18. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\programdata\sear.exe
    c:\programdata\mgro.exe
    c:\programdata\dmup.exe
    c:\programdata\ccpd.exe
    c:\windows\system32\drivers\is3srv.sys
    c:\windows\system32\drivers\szkg.sys
    c:\windows\system32\drivers\szkgfs.sys
    
    
    Folder::
    c:\programdata\STOPzilla!
    
    Driver::
    is3srv
    szkg5
    szkgfs
    
    
    Registry::
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  19. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    Here we go:

    ComboFix 11-11-11.04 - Kyle 11/11/2011 11:54:45.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1572 [GMT -5:00]
    Running from: c:\users\Kyle\Desktop\kylel.exe
    Command switches used :: c:\users\Kyle\Desktop\cfscript.txt
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\programdata\ccpd.exe"
    "c:\programdata\dmup.exe"
    "c:\programdata\mgro.exe"
    "c:\programdata\sear.exe"
    "c:\windows\system32\drivers\is3srv.sys"
    "c:\windows\system32\drivers\szkg.sys"
    "c:\windows\system32\drivers\szkgfs.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ccpd.exe
    c:\programdata\dmup.exe
    c:\programdata\mgro.exe
    c:\programdata\sear.exe
    c:\programdata\STOPzilla!
    c:\programdata\STOPzilla!\modules_scanned.db
    c:\programdata\STOPzilla!\scanner.log
    c:\programdata\STOPzilla!\userdata.db
    c:\programdata\STOPzilla!\vdb\vbcorent.dll
    c:\programdata\STOPzilla!\vdb\vdb.xml
    c:\programdata\STOPzilla!\vdb\xml_edk.log
    c:\programdata\STOPzilla!\zilla5.log
    K:\Setup.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SZKG5
    -------\Legacy_SZKGFS
    -------\Service_is3srv
    -------\Service_szkg5
    -------\Service_szkgfs
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-11 18:02 . 2011-11-11 18:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39DAAB91-AE67-4DEE-9AFA-44C87F524E03}\offreg.dll
    2011-11-11 17:13 . 2011-11-11 18:03 -------- d-----w- c:\users\Kyle\AppData\Local\temp
    2011-11-11 01:36 . 2011-11-11 01:36 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-11-09 22:54 . 2011-11-09 22:54 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
    2011-11-09 21:17 . 2011-11-10 14:01 -------- d-----w- c:\program files\World of Warcraft
    2011-11-09 20:32 . 2011-11-09 20:54 -------- d-----w- c:\programdata\PC Tools
    2011-11-09 19:40 . 2010-06-02 09:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2011-11-09 19:40 . 2010-06-02 09:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2011-11-09 19:40 . 2010-06-02 09:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2011-11-09 19:40 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2011-11-09 19:40 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2011-11-09 19:35 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-11-09 19:33 . 2011-11-09 19:33 -------- d-----w- c:\program files\LSI SoftModem
    2011-11-09 18:52 . 2011-11-09 18:52 -------- d-----w- c:\users\UpdatusUser
    2011-11-09 18:51 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-11-09 18:49 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2011-11-09 18:49 . 2011-10-15 08:53 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-11-09 18:49 . 2011-10-15 08:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
    2011-11-09 18:49 . 2011-10-15 08:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
    2011-11-09 18:49 . 2011-10-15 08:53 5578560 ----a-w- c:\windows\system32\nvcuda.dll
    2011-11-09 18:49 . 2011-10-15 08:53 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-11-09 18:49 . 2011-10-15 08:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-11-09 18:49 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-11-09 18:49 . 2011-10-15 08:53 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-11-09 18:49 . 2011-10-15 08:53 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-11-09 14:48 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-09 09:39 . 2011-10-17 11:41 2409784 ---ha-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 09:39 . 2011-09-20 21:02 913280 ---ha-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 09:39 . 2011-09-20 13:44 31232 ---ha-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-11-09 09:39 . 2011-09-30 15:57 707584 ---ha-w- c:\program files\Common Files\System\wab32.dll
    2011-11-08 06:54 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39DAAB91-AE67-4DEE-9AFA-44C87F524E03}\mpengine.dll
    2011-11-05 23:40 . 2011-11-05 23:45 -------- d-----w- c:\users\Kyle\AppData\Local\Conduit
    2011-10-12 22:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-12 22:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-12 22:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-12 22:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-12 22:36 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-12 22:35 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-12 22:35 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-12 22:35 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-12 22:35 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-15 08:53 . 2010-07-09 20:37 6350144 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-15 08:53 . 2010-07-09 20:37 3840320 ----a-w- c:\windows\system32\nvsvc.dll
    2011-10-15 08:53 . 2010-07-09 20:37 203072 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-15 08:53 . 2010-07-09 20:37 123712 ----a-w- c:\windows\system32\nvshext.dll
    2011-10-15 08:53 . 2010-07-09 20:37 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-10-15 08:53 . 2009-04-02 06:34 2458432 ----a-w- c:\windows\system32\nvapi.dll
    2011-10-03 17:33 . 2011-10-03 17:33 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 17:20 . 2011-10-03 17:20 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-10-03 17:19 . 2011-10-03 17:19 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-10-03 17:19 . 2011-10-03 17:19 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
    2011-08-31 03:05 . 2011-08-31 03:05 83816 ---ha-w- c:\windows\system32\dns-sd.exe
    2011-08-31 03:05 . 2011-08-31 03:05 73064 ---ha-w- c:\windows\system32\dnssd.dll
    2011-08-28 22:39 . 2011-08-28 22:39 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-08-28 22:39 . 2011-08-28 22:39 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-08-28 22:39 . 2011-08-28 22:39 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-08-28 22:39 . 2011-08-28 22:39 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-08-28 22:39 . 2011-08-28 22:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-08-28 22:39 . 2011-08-28 22:39 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-08-28 22:39 . 2011-08-28 22:39 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-08-28 22:39 . 2011-08-28 22:39 367104 ----a-w- c:\windows\system32\html.iec
    2011-08-28 22:39 . 2011-08-28 22:39 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-28 22:39 . 2011-08-28 22:39 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-08-28 22:39 . 2011-08-28 22:39 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-08-28 22:39 . 2011-08-28 22:39 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-28 22:39 . 2011-08-28 22:39 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-08-28 22:39 . 2011-08-28 22:39 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-08-28 22:39 . 2011-08-28 22:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-08-28 22:39 . 2011-08-28 22:39 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-08-28 22:39 . 2011-08-28 22:39 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-08-28 22:39 . 2011-08-28 22:39 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2011-11-7 0]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^Kyle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
    path=c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    backup=c:\windows\pss\CurseClientStartup.ccip.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
    2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
    2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [x]
    R1 MpKsla22ad28f;MpKsla22ad28f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB74DC68-B187-490C-A237-642160622152}\MpKsla22ad28f.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 Radialpoint Security Services;Frontier Security Services;c:\program files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe [2010-12-18 167016]
    S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
    S2 ServicepointService;ServicepointService;c:\program files\Frontier\Servicepoint\ServicepointService.exe [2011-01-20 689464]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
    S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
    S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 27800]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 03325D94
    *Deregistered* - 03325d94
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000Core.job
    - c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 20:12]
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000UA.job
    - c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 20:12]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\elxstor]
    "ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\EmdCache]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\EMDMgmt]
    "ServiceDll"="%systemroot%\system32\emdmgmt.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ErrDev]
    "ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ESENT]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ETService]
    "ImagePath"="c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Eventlog]
    "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\EventSystem]
    "ServiceDll"="%systemroot%\system32\es.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\exfat]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\fastfat]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\fdc]
    "ImagePath"="system32\DRIVERS\fdc.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\fdPHost]
    "ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\FDResPub]
    "ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\FileInfo]
    "ImagePath"="system32\drivers\fileinfo.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Filetrace]
    "ImagePath"="system32\drivers\filetrace.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\flpydisk]
    "ImagePath"="system32\DRIVERS\flpydisk.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\FltMgr]
    "ImagePath"="system32\drivers\fltmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\FontCache]
    "ServiceDll"="%SystemRoot%\system32\FntCache.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\FontCache3.0.0.0]
    "ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Fs_Rec]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\gagp30kx]
    "ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\GEARAspiWDM]
    "ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\gpsvc]
    "ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HdAudAddService]
    "ImagePath"="system32\drivers\HdAudio.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HDAudBus]
    "ImagePath"="system32\DRIVERS\HDAudBus.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HidBth]
    "ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HidIr]
    "ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\hidserv]
    "ServiceDll"="%SystemRoot%\System32\hidserv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HidUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\hkmsvc]
    "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HpCISSs]
    "ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HTTP]
    "ImagePath"="system32\drivers\HTTP.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\i2omp]
    "ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\i8042prt]
    "ImagePath"="system32\DRIVERS\i8042prt.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iaStorV]
    "ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\idsvc]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iirsp]
    "ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IKEEXT]
    "ServiceDll"="%SystemRoot%\System32\ikeext.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\inetaccs]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\int15]
    "ImagePath"="\??\c:\windows\system32\drivers\int15.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IntcAzAudAddService]
    "ImagePath"="system32\drivers\RTKVHDA.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\intelide]
    "ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\intelppm]
    "ImagePath"="system32\DRIVERS\intelppm.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IPBusEnum]
    "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IpFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iphlpsvc]
    "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IpInIp]
    "ImagePath"="system32\DRIVERS\ipinip.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IPMIDRV]
    "ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IPNAT]
    "ImagePath"="system32\DRIVERS\ipnat.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iPod Service]
    "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IRENUM]
    "ImagePath"="system32\drivers\irenum.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\isapnp]
    "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iScsiPrt]
    "ImagePath"="system32\DRIVERS\msiscsi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iteatapi]
    "ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iteraid]
    "ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\kbdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\kbdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\KeyIso]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\KSecDD]
    "ImagePath"="System32\Drivers\ksecdd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\KtmRm]
    "ServiceDll"="%systemroot%\system32\msdtckrm.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\LanmanServer]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\LanmanWorkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Lbd]
    "ImagePath"="system32\DRIVERS\Lbd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ldap]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\lltdio]
    "ImagePath"="system32\DRIVERS\lltdio.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\lltdsvc]
    "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\lmhosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Lsa]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\LSI_FC]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\LSI_SAS]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\LSI_SCSI]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\luafv]
    "ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MBAMProtector]
    "ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MBAMService]
    "ImagePath"="\"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Mcx2Svc]
    "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\megasas]
    "ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MegaSR]
    "ImagePath"="\SystemRoot\system32\drivers\megasr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MMCSS]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Modem]
    "ImagePath"="system32\drivers\modem.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\monitor]
    "ImagePath"="system32\DRIVERS\monitor.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MountMgr]
    "ImagePath"="System32\drivers\mountmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mpio]
    "ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MpKsla22ad28f]
    "ImagePath"="\??\c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB74DC68-B187-490C-A237-642160622152}\MpKsla22ad28f.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mpsdrv]
    "ImagePath"="System32\drivers\mpsdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MpsSvc]
    "ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Mraid35x]
    "ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MRxDAV]
    "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mrxsmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mrxsmb10]
    "ImagePath"="system32\DRIVERS\mrxsmb10.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mrxsmb20]
    "ImagePath"="system32\DRIVERS\mrxsmb20.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\msahci]
    "ImagePath"="\SystemRoot\system32\drivers\msahci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\msdsm]
    "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSDTC]
    "ImagePath"="%SystemRoot%\System32\msdtc.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSDTC Bridge 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSDTC Bridge 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Msfs]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\msisadrv]
    "ImagePath"="system32\drivers\msisadrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSiSCSI]
    "ServiceDll"="%systemroot%\system32\iscsiexe.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\msiserver]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MsRPC]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSSCNTRS]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mssmbios]
    "ImagePath"="system32\DRIVERS\mssmbios.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSTEE]
    "ImagePath"="system32\drivers\MSTEE.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Mup]
    "ImagePath"="System32\Drivers\mup.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\napagent]
    "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NativeWifiP]
    "ImagePath"="system32\DRIVERS\nwifi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NDIS]
    "ImagePath"="system32\drivers\ndis.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NDProxy]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\netbt]
    "ImagePath"="System32\DRIVERS\netbt.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\netprofm]
    "ServiceDll"="%SystemRoot%\System32\netprofm.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NetTcpPortSharing]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nfrd960]
    "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NlaSvc]
    "ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Npfs]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nsi]
    "ServiceDll"="%systemroot%\system32\nsisvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nsiproxy]
    "ImagePath"="system32\drivers\nsiproxy.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NTDS]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Ntfs]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ntrigdigi]
    "ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Null]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvlddmkm]
    "ImagePath"="system32\DRIVERS\nvlddmkm.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvraid]
    "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvstor]
    "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvstor32]
    "ImagePath"="system32\DRIVERS\nvstor32.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvsvc]
    "ImagePath"="%SystemRoot%\system32\nvvsvc.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvUpdatusService]
    "ImagePath"="c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nv_agp]
    "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NwlnkFlt]
    "ImagePath"="system32\DRIVERS\nwlnkflt.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NwlnkFwd]
    "ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\odserv]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ohci1394]
    "ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ose]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\p2pimsvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\p2psvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Parport]
    "ImagePath"="\SystemRoot\system32\drivers\parport.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\partmgr]
    "ImagePath"="System32\drivers\partmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Parvdm]
    "ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PcaSvc]
    "ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\pci]
    "ImagePath"="system32\drivers\pci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\pciide]
    "ImagePath"="system32\drivers\pciide.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\pcmcia]
    "ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PDAgent]
    "ImagePath"="\"c:\program files\Raxco\PerfectDisk10\PDAgent.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PDEngine]
    "ImagePath"="\"c:\program files\Raxco\PerfectDisk10\PDEngine.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PEAUTH]
    "ImagePath"="system32\drivers\peauth.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PerfDisk]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PerfNet]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PerfOS]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PerfProc]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\pla]
    "ServiceDll"="%systemroot%\system32\pla.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PlugPlay]
    "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PNRPAutoReg]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PNRPsvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PolicyAgent]
    "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PortProxy]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Processor]
    "ImagePath"="\SystemRoot\system32\drivers\processr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Profos]
    "ImagePath"="\??\c:\program files\Frontier\Frontier Security Services\BitDefender\profos.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ProfSvc]
    "ServiceDll"="%systemroot%\system32\profsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ProtectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PSched]
    "ImagePath"="system32\DRIVERS\pacer.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ql2300]
    "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ql40xx]
    "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\QWAVE]
    "ServiceDll"="%windir%\system32\qwave.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\QWAVEdrv]
    "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Radialpoint Security Services]
    "ImagePath"="\"c:\program files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RadialpointIDSAgent]
    "ImagePath"="\"c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe\" RadialpointIDSAgent"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RadialpointIDSDriver]
    "ImagePath"="\??\c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys"
    .
     
  20. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RadialpointIDSEH]
    "ImagePath"="system32\drivers\AVGIDSEH.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RadialpointIDSFilter]
    "ImagePath"="\??\c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RadialpointIDSShim]
    "ImagePath"="\??\c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RasAcd]
    "ImagePath"="System32\DRIVERS\rasacd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RasAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Rasl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RasMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RasPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RasSstp]
    "ImagePath"="system32\DRIVERS\rassstp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\rdbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RDPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RDPDD]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\rdpdr]
    "ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RDPENCDD]
    "ImagePath"="system32\drivers\rdpencdd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RDPNP]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RDPWD]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RemoteAccess]
    "ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RemoteRegistry]
    "ServiceDll"="%SystemRoot%\system32\regsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RpcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RpcSs]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RPPKT]
    "ImagePath"="system32\DRIVERS\rp_pkt32.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RPSKT]
    "ImagePath"="system32\DRIVERS\rp_skt32.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RP_FWS]
    "ImagePath"="c:\program files\Frontier\Frontier Security Services\Fws.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\rspndr]
    "ImagePath"="system32\DRIVERS\rspndr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RTL8169]
    "ImagePath"="system32\DRIVERS\Rtlh86.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SamSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sbp2port]
    "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\scan]
    "ServiceDll"="c:\program files\Frontier\Frontier Security Services\BitDefender\scan.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SCardSvr]
    "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Schedule]
    "ServiceDll"="%systemroot%\system32\schedsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SCPolicySvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SDRSVC]
    "ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\secdrv]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\seclogon]
    "ServiceDll"="%windir%\system32\seclogon.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Serenum]
    "ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Serial]
    "ImagePath"="\SystemRoot\system32\drivers\serial.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sermouse]
    "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ServiceModelEndpoint 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ServiceModelOperation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ServiceModelService 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ServicepointService]
    "ImagePath"="\"c:\program files\Frontier\Servicepoint\ServicepointService.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SessionEnv]
    "ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sfdrv01]
    "ImagePath"="System32\drivers\sfdrv01.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sffdisk]
    "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sffp_mmc]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sffp_sd]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sfhlp02]
    "ImagePath"="System32\drivers\sfhlp02.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sfloppy]
    "ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sfsync02]
    "ImagePath"="System32\drivers\sfsync02.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sfvfs02]
    "ImagePath"="System32\drivers\sfvfs02.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SharedAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ShellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sisagp]
    "ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SiSRaid2]
    "ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SiSRaid4]
    "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\slsvc]
    "ImagePath"="%SystemRoot%\system32\SLsvc.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SLUINotify]
    "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Smb]
    "ImagePath"="system32\DRIVERS\smb.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SMSvcHost 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SMSvcHost 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SNMPTRAP]
    "ImagePath"="%SystemRoot%\System32\snmptrap.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\spldr]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Spooler]
    "ImagePath"="%SystemRoot%\System32\spoolsv.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sprtsvc_ddoctorv2]
    "ImagePath"="\"c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe\" /service /P ddoctorv2"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\srv]
    "ImagePath"="System32\DRIVERS\srv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\srv2]
    "ImagePath"="System32\DRIVERS\srv2.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\srvnet]
    "ImagePath"="System32\DRIVERS\srvnet.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sscdbus]
    "ImagePath"="system32\DRIVERS\sscdbus.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sscdserd]
    "ImagePath"="system32\DRIVERS\sscdserd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SSDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SstpSvc]
    "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\StarOpen]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\stisvc]
    "ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\swenum]
    "ImagePath"="system32\DRIVERS\swenum.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\swprv]
    "ServiceDll"="%Systemroot%\System32\swprv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Symc8xx]
    "ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Sym_hi]
    "ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Sym_u3]
    "ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SysMain]
    "ServiceDll"="%systemroot%\system32\sysmain.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TabletInputService]
    "ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TapiSrv]
    "ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TBS]
    "ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Tcpip]
    "ImagePath"="System32\drivers\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Tcpip6]
    "ImagePath"="system32\DRIVERS\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\tcpipreg]
    "ImagePath"="System32\drivers\tcpipreg.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TDPIPE]
    "ImagePath"="system32\drivers\tdpipe.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TDTCP]
    "ImagePath"="system32\drivers\tdtcp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\tdx]
    "ImagePath"="system32\DRIVERS\tdx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TermDD]
    "ImagePath"="system32\DRIVERS\termdd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Themes]
    "ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\THREADORDER]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TrkWks]
    "ServiceDll"="%SystemRoot%\System32\trkwks.dll"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Trufos]
    "ImagePath"="\??\c:\program files\Frontier\Frontier Security Services\BitDefender\trufos.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TrustedInstaller]
    "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TSDDD]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\tssecsrv]
    "ImagePath"="System32\DRIVERS\tssecsrv.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\tunmp]
    "ImagePath"="system32\DRIVERS\tunmp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\tunnel]
    "ImagePath"="system32\DRIVERS\tunnel.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\uagp35]
    "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\udfs]
    "ImagePath"="system32\DRIVERS\udfs.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\UGatherer]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\UGTHRSVC]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\UI0Detect]
    "ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\uliagpkx]
    "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\uliahci]
    "ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\UlSata]
    "ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ulsata2]
    "ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\umbus]
    "ImagePath"="system32\DRIVERS\umbus.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\upnphost]
    "ServiceDll"="%SystemRoot%\System32\upnphost.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usb]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\USBAAPL]
    "ImagePath"="System32\Drivers\usbaapl.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbccgp]
    "ImagePath"="system32\DRIVERS\usbccgp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbcir]
    "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbehci]
    "ImagePath"="system32\DRIVERS\usbehci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbhub]
    "ImagePath"="system32\DRIVERS\usbhub.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbohci]
    "ImagePath"="system32\DRIVERS\usbohci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbprint]
    "ImagePath"="system32\DRIVERS\usbprint.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbscan]
    "ImagePath"="system32\DRIVERS\usbscan.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\USBSTOR]
    "ImagePath"="system32\DRIVERS\USBSTOR.SYS"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbuhci]
    "ImagePath"="system32\DRIVERS\usbuhci.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\UxSms]
    "ServiceDll"="%SystemRoot%\System32\uxsms.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\VClone]
    "ImagePath"="system32\DRIVERS\VClone.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\vds]
    "ImagePath"="%SystemRoot%\System32\vds.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\vga]
    "ImagePath"="system32\DRIVERS\vgapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\VgaSave]
    "ImagePath"="\SystemRoot\System32\drivers\vga.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\viaagp]
    "ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ViaC7]
    "ImagePath"="\SystemRoot\system32\drivers\viac7.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\viaide]
    "ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\volmgr]
    "ImagePath"="system32\drivers\volmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\volmgrx]
    "ImagePath"="System32\drivers\volmgrx.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\volsnap]
    "ImagePath"="system32\drivers\volsnap.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\vsmraid]
    "ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\VSS]
    "ImagePath"="%systemroot%\system32\vssvc.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\VxD]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\W32Time]
    "ServiceDll"="%systemroot%\system32\w32time.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\W3SVC]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WacomPen]
    "ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wanarp]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wanarpv6]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wcncsvc]
    "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WcsPlugInService]
    "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wd]
    "ImagePath"="system32\drivers\wd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wdf01000]
    "ImagePath"="system32\drivers\Wdf01000.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WdiServiceHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WdiSystemHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WebClient]
    "ServiceDll"="%SystemRoot%\System32\webclnt.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wecsvc]
    "ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wercplsupport]
    "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WerSvc]
    "ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WinDefend]
    "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Windows Workflow Foundation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WinHttpAutoProxySvc]
    "ServiceDll"="winhttp.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Winmgmt]
    "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WinRM]
    "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Winsock]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WinSock2]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wlansvc]
    "ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WmiAcpi]
    "ImagePath"="system32\DRIVERS\wmiacpi.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WmiApRpl]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wmiApSrv]
    "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WMPNetworkSvc]
    "ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WPCSvc]
    "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WPDBusEnum]
    "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WpdUsb]
    "ImagePath"="system32\DRIVERS\wpdusb.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WPFFontCache_v0400]
    "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ws2ifsl]
    "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wscsvc]
    "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WSearch]
    "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WSearchIdxPi]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wuauserv]
    "ServiceDll"="%systemroot%\system32\wuaueng.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WUDFRd]
    "ImagePath"="system32\DRIVERS\WUDFRd.sys"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wudfsvc]
    "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\xmlprov]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Services\{776B2AAC-54DD-4B4A-9919-42C18115253D}]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet019\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\NVIDIA Corporation\Display\nvtray.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\HP\HP Software Update\hpwuschd2.exe
    c:\windows\ehome\ehtray.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Frontier\Servicepoint\FrontierServicepoint.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-11-11 13:09:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-11 18:08
    ComboFix2.txt 2011-11-11 15:12
    .
    Pre-Run: 124,396,359,680 bytes free
    Post-Run: 124,037,042,176 bytes free
    .
    - - End Of File - - A3E22409F1119ABA8E67DBB09E1493BB

    One problem I had: After reboot and copying the log from CF, when I attempted to open Internet Explorer it said that it wasn't allowed because a registry was marked for deletion? I had to right click and run as administrator just to get online...

    Update: Just found that it does that anytime I try to open ANY program. When I tried to open Notepad the same error came up, and once again it would only work if I ran it as administrator.
     
  21. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    You have to restart the computer to fix that issue.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  22. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    OTL logfile created on: 11/11/2011 1:45:24 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kyle\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 50.57% Memory free
    5.73 Gb Paging File | 4.49 Gb Available in Paging File | 78.39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.09 Gb Total Space | 115.56 Gb Free Space | 40.54% Space Free | Partition Type: NTFS

    Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/11 13:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
    PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/10/15 03:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2011/10/15 03:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/01/20 15:00:02 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Frontier\Servicepoint\ServicepointService.exe
    PRC - [2011/01/20 14:59:58 | 004,318,520 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Servicepoint\FrontierServicepoint.exe
    PRC - [2011/01/20 14:59:58 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Frontier\Servicepoint\FrontierServicepointComHandler.exe
    PRC - [2010/12/18 00:06:32 | 000,378,160 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Frontier Security Services\RPS.exe
    PRC - [2010/12/18 00:06:32 | 000,167,016 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe
    PRC - [2010/12/18 00:05:34 | 000,382,280 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Frontier Security Services\Fws.exe
    PRC - [2009/11/02 14:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
    PRC - [2009/11/02 14:26:48 | 000,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/07/23 13:25:32 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
    PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/01/20 14:51:08 | 000,158,208 | ---- | M] () -- C:\Program Files\Frontier\Servicepoint\Windows7Features.dll
    MOD - [2009/11/02 14:26:48 | 000,077,824 | ---- | M] () -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll
    MOD - [2009/11/02 14:26:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/01/20 15:00:02 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Frontier\Servicepoint\ServicepointService.exe -- (ServicepointService)
    SRV - [2010/12/18 00:06:32 | 000,167,016 | ---- | M] (Frontier) [Auto | Running] -- C:\Program Files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
    SRV - [2010/12/18 00:05:34 | 000,382,280 | ---- | M] (Frontier) [Auto | Running] -- C:\Program Files\Frontier\Frontier Security Services\Fws.exe -- (RP_FWS)
    SRV - [2010/07/20 11:23:18 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Frontier\Frontier Security Services\BitDefender\scan.dll -- (scan)
    SRV - [2009/11/02 14:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
    SRV - [2009/06/08 11:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
    SRV - [2009/06/08 11:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
    SRV - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
    SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/10/15 03:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/06/27 12:38:04 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
    DRV - [2009/11/26 08:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\BitDefender\trufos.sys -- (Trufos)
    DRV - [2009/11/26 08:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\BitDefender\profos.sys -- (Profos)
    DRV - [2009/11/02 14:27:00 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
    DRV - [2009/11/02 14:27:00 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
    DRV - [2009/11/02 14:27:00 | 000,027,800 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
    DRV - [2009/10/23 12:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/06/08 09:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
    DRV - [2009/02/03 10:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
    DRV - [2008/08/13 17:14:34 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/06/11 13:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/01/25 07:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2007/07/23 09:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham1.sys -- (Alpham1)
    DRV - [2007/03/20 11:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham2.sys -- (Alpham2)
    DRV - [2007/02/08 12:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
    DRV - [2006/07/10 11:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
    DRV - [2006/06/14 09:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
    DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 40 EC 31 9D A0 CC 01 [binary data]
    IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Frontier\Servicepoint\nprpspa.dll (Frontier)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


    [2011/03/13 21:13:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\mozilla\Extensions
    [2009/09/04 11:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011/03/13 21:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/02 20:18:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/05 13:02:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

    O1 HOSTS File: ([2011/11/11 13:03:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{776B2AAC-54DD-4B4A-9919-42C18115253D}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (PDBoot.exe)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: VIDC.3iv2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx.com)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.wmv3 - C:\Windows\System32\WMV9VCM.dll (Microsoft Corporation)
    Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/11 13:43:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
    [2011/11/11 13:09:09 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\temp
    [2011/11/11 13:03:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/11/11 12:13:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/11 11:50:28 | 000,000,000 | ---D | C] -- C:\kylel6361k
    [2011/11/11 09:46:05 | 000,000,000 | ---D | C] -- C:\kylel
    [2011/11/11 09:33:18 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\kdiddy.exe
    [2011/11/11 09:32:41 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Kyle\Desktop\kMlBwR.exe
    [2011/11/10 23:59:23 | 004,289,973 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\kylel.exe
    [2011/11/10 22:52:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/10 22:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/10 22:51:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/10 22:40:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/11/10 22:32:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/10 22:27:12 | 009,130,808 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Kyle\Desktop\AppRemover.exe.3wa5vbk.partial
    [2011/11/10 21:20:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kyle\Desktop\HijackThis.exe
    [2011/11/10 20:36:38 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
    [2011/11/10 13:27:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
    [2011/11/10 06:25:14 | 000,000,000 | R-SD | C] -- C:\Users\Kyle\Documents\My Stationery
    [2011/11/09 17:54:04 | 000,065,808 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
    [2011/11/09 17:53:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\RootkitBuster_5.00.1041
    [2011/11/09 16:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
    [2011/11/09 16:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
    [2011/11/09 15:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2011/11/09 14:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AML Free Registry Cleaner
    [2011/11/09 14:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\AML Products
    [2011/11/09 14:38:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2011/11/09 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
    [2011/11/09 13:49:41 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
    [2011/11/09 09:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/09 09:48:56 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/11/05 18:40:40 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Conduit
    [2011/11/05 18:36:20 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\WoW+Gametime+Card+Generator+v2
    [2011/11/02 17:34:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\IEP
    [2011/10/17 12:41:33 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\Flip
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/11 13:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
    [2011/11/11 13:32:01 | 000,000,904 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000UA.job
    [2011/11/11 13:09:00 | 000,605,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/11 13:09:00 | 000,104,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/11 13:03:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/11/11 13:02:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/11 13:02:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/11 13:02:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/11 11:40:26 | 004,289,973 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\kylel.exe
    [2011/11/11 10:22:53 | 000,000,512 | ---- | M] () -- C:\Users\Kyle\Desktop\MBR.dat
    [2011/11/11 09:33:18 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\kdiddy.exe
    [2011/11/11 09:32:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kyle\Desktop\kMlBwR.exe
    [2011/11/10 23:57:48 | 001,008,092 | ---- | M] () -- C:\Users\Kyle\Desktop\rkill.scr
    [2011/11/10 22:40:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/11/10 22:29:01 | 000,006,749 | ---- | M] () -- C:\Users\Kyle\Desktop\latest.rtf
    [2011/11/10 22:27:31 | 009,130,808 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Kyle\Desktop\AppRemover.exe.3wa5vbk.partial
    [2011/11/10 21:46:11 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Kyle\Desktop\boot_cleaner.exe
    [2011/11/10 21:20:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kyle\Desktop\HijackThis.exe
    [2011/11/10 20:36:38 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
    [2011/11/10 13:27:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
    [2011/11/10 13:26:40 | 000,302,592 | ---- | M] () -- C:\Users\Kyle\Desktop\5g1vz0ux.exe
    [2011/11/10 13:26:19 | 000,302,592 | ---- | M] () -- C:\Users\Kyle\Desktop\vihmwieo.exe.5vki4ku.partial
    [2011/11/10 08:56:21 | 000,000,626 | ---- | M] () -- C:\Users\Kyle\Desktop\World of Warcraft - Shortcut.lnk
    [2011/11/10 08:32:19 | 000,001,356 | ---- | M] () -- C:\Users\Kyle\AppData\Local\d3d9caps.dat
    [2011/11/10 05:32:01 | 000,000,852 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000Core.job
    [2011/11/09 17:54:39 | 000,065,808 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
    [2011/11/09 16:35:21 | 000,001,339 | ---- | M] () -- C:\Windows\wininit.ini
    [2011/11/09 16:19:35 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
    [2011/11/09 15:36:53 | 002,345,954 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/11/09 15:07:17 | 003,655,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/11/09 14:39:59 | 000,000,977 | ---- | M] () -- C:\Users\Kyle\Desktop\AML Free Registry Cleaner.lnk
    [2011/11/09 13:59:45 | 000,305,152 | ---- | M] () -- C:\Users\Kyle\Documents\windiag.iso
    [2011/11/09 12:08:35 | 000,000,911 | ---- | M] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2011/11/09 09:48:59 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/09 09:28:30 | 000,000,304 | ---- | M] () -- C:\ProgramData\~1QrzVQxl0OlX6o
    [2011/11/09 09:28:30 | 000,000,224 | ---- | M] () -- C:\ProgramData\~1QrzVQxl0OlX6or
    [2011/11/09 09:28:26 | 000,000,344 | ---- | M] () -- C:\ProgramData\1QrzVQxl0OlX6o
    [2011/11/07 18:35:57 | 000,000,000 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    [2011/11/07 12:39:32 | 000,136,704 | ---- | M] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/05 17:32:26 | 000,000,064 | -H-- | M] () -- C:\Windows\System32\rp_stats.dat
    [2011/11/05 17:32:26 | 000,000,044 | -H-- | M] () -- C:\Windows\System32\rp_rules.dat
    [2011/11/05 17:27:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2011/10/20 13:03:56 | 000,002,569 | ---- | M] () -- C:\Users\Kyle\Desktop\Microsoft Office Word 2003.lnk
    [2011/10/17 13:47:47 | 000,000,279 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\burnaware.ini
    [2011/10/15 03:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
    [2011/10/15 03:53:00 | 000,004,359 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/11 10:22:53 | 000,000,512 | ---- | C] () -- C:\Users\Kyle\Desktop\MBR.dat
    [2011/11/10 23:57:47 | 001,008,092 | ---- | C] () -- C:\Users\Kyle\Desktop\rkill.scr
    [2011/11/10 22:52:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/10 22:52:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/10 22:52:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/10 22:52:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/10 22:52:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/10 22:29:01 | 000,006,749 | ---- | C] () -- C:\Users\Kyle\Desktop\latest.rtf
    [2011/11/10 13:26:40 | 000,302,592 | ---- | C] () -- C:\Users\Kyle\Desktop\5g1vz0ux.exe
    [2011/11/10 13:26:18 | 000,302,592 | ---- | C] () -- C:\Users\Kyle\Desktop\vihmwieo.exe.5vki4ku.partial
    [2011/11/10 08:56:21 | 000,000,626 | ---- | C] () -- C:\Users\Kyle\Desktop\World of Warcraft - Shortcut.lnk
    [2011/11/09 16:17:57 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
    [2011/11/09 15:35:48 | 002,345,954 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/11/09 14:39:59 | 000,000,977 | ---- | C] () -- C:\Users\Kyle\Desktop\AML Free Registry Cleaner.lnk
    [2011/11/09 13:59:45 | 000,305,152 | ---- | C] () -- C:\Users\Kyle\Documents\windiag.iso
    [2011/11/09 12:08:35 | 000,000,911 | ---- | C] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2011/11/09 09:48:59 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/09 09:28:30 | 000,000,224 | ---- | C] () -- C:\ProgramData\~1QrzVQxl0OlX6or
    [2011/11/09 09:28:29 | 000,000,304 | ---- | C] () -- C:\ProgramData\~1QrzVQxl0OlX6o
    [2011/11/09 09:28:26 | 000,000,344 | ---- | C] () -- C:\ProgramData\1QrzVQxl0OlX6o
    [2011/11/07 18:35:57 | 000,000,000 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    [2011/10/17 13:25:11 | 000,000,279 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\burnaware.ini
    [2011/08/18 08:51:45 | 000,012,360 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw
    [2011/08/18 08:51:45 | 000,012,360 | -HS- | C] () -- C:\ProgramData\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw
    [2011/08/13 19:48:35 | 000,000,064 | -H-- | C] () -- C:\Windows\System32\rp_stats.dat
    [2011/08/13 19:48:35 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\rp_rules.dat
    [2011/08/08 13:03:11 | 000,000,304 | ---- | C] () -- C:\Windows\dellstat.ini
    [2011/08/08 12:59:49 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
    [2011/07/25 07:56:24 | 000,010,848 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
    [2011/07/25 07:56:24 | 000,010,848 | -HS- | C] () -- C:\ProgramData\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
    [2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\xmfu.exe
    [2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\qunm.exe
    [2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\qmev.exe
    [2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\demo.exe
    [2011/06/20 20:18:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/06/18 10:45:38 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/05/12 11:23:12 | 000,011,322 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\lnyr821l053312
    [2011/05/12 11:23:12 | 000,011,322 | -HS- | C] () -- C:\ProgramData\lnyr821l053312
    [2010/07/09 17:17:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/01/07 12:16:51 | 000,069,632 | RH-- | C] () -- C:\Windows\System32\xmltok.dll
    [2010/01/07 12:16:51 | 000,036,864 | RH-- | C] () -- C:\Windows\System32\xmlparse.dll
    [2009/11/09 17:06:44 | 000,001,339 | ---- | C] () -- C:\Windows\wininit.ini
    [2009/11/02 16:01:00 | 000,001,609 | ---- | C] () -- C:\Windows\dhstatus.dat
    [2009/11/02 15:40:38 | 000,001,561 | ---- | C] () -- C:\Windows\checkip.dat
    [2009/10/21 12:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
    [2009/09/29 11:40:41 | 000,001,356 | ---- | C] () -- C:\Users\Kyle\AppData\Local\d3d9caps.dat
    [2009/09/24 02:05:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/24 02:05:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/01 12:18:05 | 000,568,850 | -H-- | C] () -- C:\Windows\System32\x264vfw.dll
    [2009/09/01 12:18:04 | 003,596,288 | -H-- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2009/09/01 12:18:04 | 000,856,064 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/09/01 12:18:04 | 000,217,088 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/09/01 12:10:29 | 000,136,704 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/31 13:00:22 | 000,021,504 | -H-- | C] () -- C:\Windows\System32\WBCustomizer.dll
    [2009/08/31 13:00:21 | 000,185,344 | -H-- | C] () -- C:\Windows\System32\MemWarp.dll
    [2009/08/03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/04/29 03:34:26 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
    [2009/04/02 01:14:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2007/02/07 21:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 003,655,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,605,012 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,104,342 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/11/10 07:15:04 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Absolute Poker
    [2011/06/28 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\AnvSoft
    [2010/10/17 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\AVG10
    [2011/05/26 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/16 12:26:28 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/06/27 15:03:58 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Frontier
    [2010/07/05 15:12:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Ideazon
    [2009/09/03 09:46:18 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MusicNet
    [2011/11/09 15:01:32 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\uTorrent
    [2011/11/11 12:13:29 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/11/09 14:11:33 | 000,025,295 | ---- | M] () -- C:\aaw7boot.log
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/06/05 22:11:59 | 000,000,000 | ---- | M] () -- C:\BnetLog.txt
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/04/02 01:36:48 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/11/11 13:09:06 | 000,068,717 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/03/10 20:20:52 | 000,799,352 | ---- | M] () -- C:\D2XP_IX86_112a_113c.mpq
    [2011/03/10 12:43:09 | 000,000,714 | ---- | M] () -- C:\deltaStartup.log
    [2011/08/10 19:52:05 | 000,000,592 | ---- | M] () -- C:\dlbk.log
    [2011/08/08 11:55:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/04/02 02:26:35 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
    [2011/08/08 11:55:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/11/11 13:02:08 | 3265,802,240 | -HS- | M] () -- C:\pagefile.sys
    [2009/04/29 03:36:20 | 000,000,163 | ---- | M] () -- C:\power2go.log
    [2009/04/02 02:17:05 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2011/11/11 09:44:54 | 000,000,583 | ---- | M] () -- C:\rkill.log
    [2011/11/11 09:45:20 | 000,000,583 | ---- | M] () -- C:\rkillscan.txt
    [2011/11/11 09:35:07 | 000,074,470 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_11.11.2011_09.34.22_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/06/13 16:52:10 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2008/12/05 00:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/11/09 12:08:35 | 000,000,082 | -HS- | M] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/10 13:26:40 | 000,302,592 | ---- | M] () -- C:\Users\Kyle\Desktop\5g1vz0ux.exe
    [2011/11/10 21:46:11 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Kyle\Desktop\boot_cleaner.exe
    [2011/11/10 21:20:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kyle\Desktop\HijackThis.exe
    [2011/11/11 09:33:18 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\kdiddy.exe
    [2011/11/11 09:32:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kyle\Desktop\kMlBwR.exe
    [2011/11/11 11:40:26 | 004,289,973 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\kylel.exe
    [2011/11/11 13:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/11/09 13:40:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/11/09 13:40:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/11/09 13:40:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/11/09 13:40:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011/11/09 13:40:47 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/09/01 11:44:07 | 000,000,402 | -HS- | M] () -- C:\Users\Kyle\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/11/09 09:28:26 | 000,000,344 | ---- | M] () -- C:\ProgramData\1QrzVQxl0OlX6o
    [2011/07/25 11:53:15 | 000,010,848 | -HS- | M] () -- C:\ProgramData\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
    [2011/07/25 07:56:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\demo.exe
    [2011/08/18 08:59:17 | 000,012,360 | -HS- | M] () -- C:\ProgramData\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw
    [2011/05/12 11:25:08 | 000,011,322 | -HS- | M] () -- C:\ProgramData\lnyr821l053312
    [2011/11/10 22:40:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/07/25 07:56:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\qmev.exe
    [2011/07/25 07:56:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\qunm.exe
    [2011/07/25 07:56:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\xmfu.exe
    [2011/11/09 09:28:30 | 000,000,304 | ---- | M] () -- C:\ProgramData\~1QrzVQxl0OlX6o
    [2011/11/09 09:28:30 | 000,000,224 | ---- | M] () -- C:\ProgramData\~1QrzVQxl0OlX6or

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  23. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    OTL Extras logfile created on: 11/11/2011 1:45:24 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kyle\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 50.57% Memory free
    5.73 Gb Paging File | 4.49 Gb Available in Paging File | 78.39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.09 Gb Total Space | 115.56 Gb Free Space | 40.54% Space Free | Partition Type: NTFS

    Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0DECFC3D-4F0B-41B0-83D8-C50728D51C99}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1C31C8D3-630B-4C48-8230-78791615F79F}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1DA2DE6D-5322-4E58-B31D-55DB579733B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1F123CA9-4DEF-4093-AFF0-717762C54C4B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2AA7F304-84A2-4C1A-BDBA-434A4F467DB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{347BF381-F3FC-45AE-9305-B15BC358912C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{34C7C91D-3B89-4234-BE78-01523AC2126B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{39206CEB-BD22-4431-847E-582C432B1C74}" = lport=139 | protocol=6 | dir=in | app=system |
    "{3F3415A7-19D8-4591-941B-C62F79FA6D9E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
    "{4FD6C5D3-01C6-4D46-A7FA-8C69CEA57E20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{53832D76-F6AD-41AA-9933-66F29A6AF72C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{594992BB-544B-4736-A215-3A7D9C7EABC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{64B23B48-AEE2-4343-8814-F8700375E11F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{929B5E37-001E-44CD-BBEB-D968134D3FF9}" = lport=138 | protocol=17 | dir=in | app=system |
    "{985D2E51-A24D-46E5-B2D8-83426EC283E5}" = lport=54781 | protocol=6 | dir=in | name=akamai netsession interface |
    "{99732168-B93E-4F45-A5CA-EF50F70658A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A551E6A7-4118-4303-B3A2-50E838C49F80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AFCB91F0-6AEB-41AA-B57F-E48CBA15FB73}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{AFF95373-1F35-44AD-8A56-215C501CB30A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B87C32C2-C744-4627-95F6-D350982691C5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B9CEA22D-BF15-4839-A3F0-B593058950F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{BE9291D7-D501-40A3-B99E-1C6ECF39816C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{CFBDC2EA-42FA-4C88-B359-FC22DEF8AE09}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{D5A42123-8FF6-42E6-8B92-A787E4DA6FED}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04DCF5E3-7BC1-4DAC-A133-1046F1C081AF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{0B683A0A-F376-405E-A849-A1D72886F623}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{10EF263B-46BE-4885-8AE9-457242F3F192}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{15847D6F-9E65-4C13-BE9D-76E42ADCEA73}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{18158FB9-950E-491D-81E3-CC28332701F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{235F293A-3D53-4D17-8A07-66CC71DE3462}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{41CA2E25-C7C8-4284-8AC4-923B003AA7A6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{42626298-5EE0-4A88-B0C2-CBEFD47C9E55}" = protocol=6 | dir=out | app=system |
    "{44E91014-55E9-41E5-A5A0-D474C32F49D7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{492FFF33-F0D2-4623-9F54-C17BD5AF27CB}" = protocol=58 | dir=in | app=system |
    "{4EE9FE62-B5BF-4F49-9AAF-EC471EFE4E9A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{64223E77-6ED1-4714-BD39-1B9F3869E436}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68B0BA6E-65DC-4C2C-A4AA-C66285C229D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6AC4DDEA-9D61-46FA-9184-CE17126A3FA3}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
    "{77024735-C796-436F-B803-D31030F881BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{79E3DFA0-9827-47E7-BE9A-AA017B70903D}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
    "{7A3C95F0-6DE2-4539-89C5-BBFD4A1386BD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{7B1D2E4F-99DC-4724-AF1D-61796967B9A3}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
    "{7B6E33FC-AF7E-4F1C-AF76-FFD77E92B6F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{808C94F0-061E-42F9-98C9-BB68425C5A8E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{896C45A6-B8D9-4157-ABE8-BC4A2F5FEDEA}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
    "{9284414C-2E18-4D34-9D5C-32066A68EDF5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{92F61E6C-0C39-481B-94D1-33D12CF61B86}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{97296A2F-0FA7-46EB-8CEB-B40C78D4DE5F}" = protocol=17 | dir=in | app=c:\program files\frontier\servicepoint\servicepointservice.exe |
    "{99E5D379-A1EF-4F15-891D-0FF87804415B}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{9AA72F54-BD08-45A5-95F1-F6FAC87EC04C}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
    "{9DB04673-0893-43D7-BE11-11B9AF6E4842}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9F66CDF5-30D9-447E-9E24-710281E70500}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A5825243-35E8-45EA-940F-D7D87E5ED17C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{B1236E7C-5462-4155-A55B-32BAB4896DB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B376A2C4-426C-4B18-ACA5-8C5847E388C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BCE2B87B-CA1C-4BE1-98F4-68E1F83C338D}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
    "{C3F912E6-AAF4-4CCF-945B-70E811DD54F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{C4D6538F-35B3-4812-9ED0-CCA30A1921E6}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
    "{D393D493-933B-45C7-884D-C93BD67223C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D4C054A6-72E1-41F8-8B7D-3FCC1467C612}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{E3179F04-FF2D-45EC-9614-77A31F6D4F63}" = protocol=6 | dir=in | app=c:\program files\frontier\servicepoint\servicepointservice.exe |
    "{E3B8FB1E-FA82-4612-9BA2-B5BC51390639}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{E880D944-D6EE-4294-8AF6-4B4CDFA797F0}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
    "{ECD9C850-C377-45F5-AF6A-98A63E215AD5}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
    "{ED83F534-B87F-4AE4-9AA6-873FECEC6EEA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{F13BEEC9-84B1-4791-8F2F-0938E8F05F3C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "TCP Query User{0BD4E486-2144-440F-BB06-39058BBD894A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "TCP Query User{5F8B575C-9CE0-45B0-AFCB-856216AD83BB}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
    "TCP Query User{81C91D79-1587-418B-8697-315F3746825D}C:\program files\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
    "TCP Query User{8CA8BE03-0417-4E9A-8C1A-26D85BC6F2B1}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |
    "TCP Query User{AA2B1EFC-0DB5-41C5-A137-74C29EBE2EED}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
    "TCP Query User{AB95B8DE-F63D-4F5F-BB24-BEA405E92A4B}C:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
    "TCP Query User{B1BB5C86-9C25-4468-BD2B-29564E912FAA}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{BA255BE3-30B8-4440-BDFF-ED932E871DF9}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
    "TCP Query User{D5C33B27-A79C-432E-A1AE-704F95EC70E4}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
    "UDP Query User{12296E3C-1287-4D2F-90B8-64C75E518957}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "UDP Query User{4BA8952A-3383-48AF-BE47-2CA40B7B6AD2}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{589F253A-BB4A-45AC-A099-D9FD6BA1299B}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
    "UDP Query User{83A41E23-04B9-4BE8-A4FC-16EC86233F01}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
    "UDP Query User{B99296DA-285A-445C-B306-335FD96A2229}C:\program files\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
    "UDP Query User{C3CFD380-4089-4991-A39F-BE2395210EB7}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
    "UDP Query User{F0748859-CB3C-44D9-B915-9C90C7973D8E}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{F14674DE-4303-48B4-B227-86AD7CDFC615}C:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
    "UDP Query User{F97F2195-CD1A-41E9-9850-8A8CC39A526A}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
    "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
    "{2EBF21B6-FDBD-4149-86B5-46597943A7DC}" = RPS RpsCore
    "{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.22
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{474A7BA6-A657-4152-8FB5-244D178D7174}" = HP Officejet 6500 E710a-f Product Improvement Study
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{50A8A0BD-0A25-4D42-BA55-6BE0318EF5DB}" = RPS PerfectDiskStub
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{670A25D9-1029-4D4E-93FF-66B3C07769D6}" = HP Officejet 6500 E710a-f Basic Device Software
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{71560926-55A4-4FCA-AF51-C10C3C81B2AD}" = RPS CRT
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FBBED4BA-6BC6-47F2-B1F1-2E7064B425BA}" = Frontier Security Services
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
    "Any Video Converter_is1" = Any Video Converter 3.2.5
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Diablo II" = Diablo II
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "KLiteCodecPack_is1" = K-Lite Codec Pack 2.72 Full
    "LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "RadialpointClientGateway_is1" = Frontier Servicepoint 3.7.44
    "StarCraft II" = StarCraft II
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Absolute Poker" = Absolute Poker
    "Charter Browser Updater" = Charter Browser Updater
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/10/2011 8:47:27 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/10/2011 8:47:27 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/10/2011 8:56:34 AM | Computer Name = Kyle-PC | Source = EventSystem | ID = 4609
    Description =

    [ System Events ]
    Error - 11/11/2011 10:58:07 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/11/2011 11:08:54 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/11/2011 11:45:22 AM | Computer Name = Kyle-PC | Source = disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR8, has a bad block.

    Error - 11/11/2011 12:41:45 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/11/2011 12:47:13 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/11/2011 12:51:53 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/11/2011 1:03:11 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/11/2011 1:13:06 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/11/2011 1:13:13 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/11/2011 2:03:48 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
     
  24. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    I ran that before restarting, hope that doesn't mess it up...:eek:
     
  25. klwcr063085

    klwcr063085 TS Rookie Topic Starter Posts: 31

    Oh yeah, and the computer seems to be running much better... Seems to be running programs at normal speed again, and haven't had any popups or random sound files playing in the background anymore as of right now!
     

